For the last two weeks or so news outlets in the US and UK (at least) have been filled with stories of government data collection. In the US this has been focused primarily on communication metadata – what numbers called what numbers when. There have been stories of tracking of Internet data and hints that even more information is being collected than has so far been disclosed.
But I’m not going to write about the merits, or lack of them, of such programs. Rather, I’m concerned about suggestions that all web software and VoIP software should have “backdoors” – built-in ways for a third party to capture content – so law enforcement can access that information without further intervention.
I would like to be perfectly clear here: backdoors are a very bad idea. And I’m not alone. This paper includes a history of wiretapping and discusses the evils of requiring backdoors in communication endpoints. Its authors include Phil Zimmermann of PGP fame and Bruce Schneier, who has written numerous books and articles on cybersecurity and is a very well respected security guru. I suggest you read the paper.
I fully understand the need for law enforcement to eavesdrop on some communications. Whether it be for traditional law enforcement or anti-terrorism, it can be a valuable way to catch the bad guys. Done legally, this kind of eavesdropping requires a warrant and that provides legal protection. From a cybersecurity standpoint, eavesdropping is a compromise of the confidentiality of the communication; the warrant is what keeps that compromise a controlled, case-by-case one.
Backdoors, on the other hand, are a standing capability built into every copy of the software, and they can be compromised by bad actors. People with ill intent who discover how the backdoor is triggered can eavesdrop on, or even manipulate, communications without any warrant at all. This could be a great harm to personal and national security.
So, what is a backdoor, exactly? There are multiple ways to put backdoors in communication endpoints (software on users’ computers, for example). One simple way might be a small program on the user’s computer that listens for a particular data packet on a particular UDP port. When the packet arrives, the program begins tracking and perhaps recording VoIP data. That might be fairly easy to find, of course – an unexpected program sitting on a listening UDP port stands out – so a real backdoor would be more sophisticated.
I use encrypting software so I’m safe, right? Well, that’s part of the issue. There are suggestions that vendors do the wiretapping inside the endpoint, before the outgoing audio is encrypted and after the incoming audio is decrypted. That way the captured data is already in the clear, and there is no need for anyone to hold keys or to break the encryption.
What will this lead to? I see at least three possible outcomes: 1) the proposals to include endpoint backdoors go nowhere; 2) endpoint software gets backdoors and people find a way around it; or 3) endpoint software gets backdoors, and use of software without a way for government to capture unencrypted data is prohibited. The latter is akin to what was proposed for the Clipper chip.
How might people get around a backdoor and still send encrypted data? People had – and still have – encrypted phone calls over the telephone network, and they can use the same techniques over the Internet. The idea would be that instead of plugging a mic and speakers into the computer directly, one would plug in an encryption device. The endpoint software, backdoor and all, then only ever sees ciphertext, and there is nothing in the clear left to tap. Yes, if those devices were cheap and common it would make backdoor eavesdropping moot. So the real threat isn’t encrypting software, is it?
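The two preceding points, a tap placed before the application’s encryption and an external encryptor that keeps plaintext out of the application altogether, come down to where the tap sits relative to the encryption. The model below is an added example, not code from the original post or from any real VoIP product: `TappedSoftphone` is a hypothetical endpoint whose intercept hook copies every frame before the app encrypts it, `ExternalEncryptor` is a hypothetical box between the microphone and the computer, and the cipher is HMAC-SHA256 run in counter mode, a stand-in for whatever cipher real equipment would use. The keys, nonces and audio frames are constructed constants.

```python
"""Where the tap sits relative to encryption decides what it captures.

Added example, not from the original post.  TappedSoftphone models an
endpoint with a pre-encryption intercept hook; ExternalEncryptor models
a box between the mic and the computer.  keystream_xor is HMAC-SHA256 in
counter mode, standing in for a real device cipher.  All keys, nonces and
frames below are constructed for the demo.
"""
import hashlib
import hmac

# Constructed demo material (not real keys or captured audio).
SESSION_KEY = bytes(range(32))          # key the softphone negotiated for the call
SESSION_NONCE = b"session-nonce"
DEVICE_KEY = bytes(range(100, 132))     # key inside the external encryptors only
DEVICE_NONCE = b"device-nonce!"
FRAMES = [b"audio frame 0: hello", b"audio frame 1: there", b"audio frame 2: world"]


def keystream_xor(key, nonce, counter, data):
    """XOR `data` with an HMAC-SHA256 counter-mode keystream.

    Block i of the keystream is HMAC(key, nonce || counter || i), so
    `counter` must never repeat for a given key and nonce or the keystream
    repeats.  Encryption and decryption are the same operation.
    """
    out = bytearray()
    for i in range((len(data) + 31) // 32):
        block = hmac.new(
            key, nonce + counter.to_bytes(8, "big") + i.to_bytes(4, "big"),
            hashlib.sha256,
        ).digest()
        chunk = data[i * 32:(i + 1) * 32]
        out.extend(a ^ b for a, b in zip(chunk, block))
    return bytes(out)


class TappedSoftphone:
    """Hypothetical VoIP endpoint with a built-in intercept hook.

    The hook copies each audio frame the application receives *before* the
    application's own encryption runs: the "tap before encryption"
    arrangement the proposals describe.
    """

    def __init__(self, session_key, session_nonce):
        self.session_key = session_key
        self.session_nonce = session_nonce
        self.frame_no = 0
        self.intercepted = []  # what the backdoor hands over

    def send_frame(self, frame):
        self.intercepted.append(bytes(frame))  # backdoor tap point
        ct = keystream_xor(self.session_key, self.session_nonce, self.frame_no, frame)
        self.frame_no += 1
        return ct  # app-layer ciphertext as sent on the wire


class ExternalEncryptor:
    """Box between the microphone and the computer.

    Its key never touches the endpoint software, so the softphone, tap
    included, only ever handles this box's ciphertext.
    """

    def __init__(self, device_key, device_nonce):
        self.device_key = device_key
        self.device_nonce = device_nonce
        self.frame_no = 0

    def process(self, frame):
        # Same call encrypts on the sending box and decrypts on the receiving box.
        out = keystream_xor(self.device_key, self.device_nonce, self.frame_no, frame)
        self.frame_no += 1
        return out


def tap_with_in_app_encryption(frames, session_key, session_nonce):
    """What the backdoor captures when the application does the encrypting."""
    phone = TappedSoftphone(session_key, session_nonce)
    for f in frames:
        phone.send_frame(f)
    return phone.intercepted


def tap_with_external_encryptor(frames, session_key, session_nonce, device_key, device_nonce):
    """Return (captured, recovered) when an external box encrypts before the app.

    `captured` is what the backdoor sees; `recovered` is what the far-end
    box gets back from those same bytes, which needs the device key.
    """
    box_tx = ExternalEncryptor(device_key, device_nonce)
    phone = TappedSoftphone(session_key, session_nonce)
    for f in frames:
        phone.send_frame(box_tx.process(f))
    captured = phone.intercepted
    box_rx = ExternalEncryptor(device_key, device_nonce)
    recovered = [box_rx.process(c) for c in captured]
    return captured, recovered


if __name__ == "__main__":
    print("in-app encryption, tap sees:", tap_with_in_app_encryption(FRAMES, SESSION_KEY, SESSION_NONCE))
    captured, _ = tap_with_external_encryptor(FRAMES, SESSION_KEY, SESSION_NONCE, DEVICE_KEY, DEVICE_NONCE)
    print("external encryptor, tap sees:", captured)
```

In the first arrangement the tap gets the audio in the clear even though the call is encrypted on the wire, which is the whole point of tapping before encryption. In the second, the tap only ever sees the external box’s ciphertext, and turning it back into audio requires the device key, which the endpoint software never holds. The model leaves out what a real design must not: authentication of the frames and an authenticated key exchange between the two boxes.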
Confidentiality, thinking like the bad guys, and trying to discover the real threats are important cybersecurity concepts we discuss in Learning Tree Course 468, System and Network Security. Let us know your thoughts on these issues in the comments below.